half day public seminar on pdpa 2010 - 250711

HALF-DAY PUBLIC SEMINAR ON MALAYSIAN PERSONAL DATA

PROTECTION ACT (PDPA) 2010

25 July 2011, Monday, 9.30 am – 12 pmLegal Training Room, Menara SSM @ Sentral

By Noriswadi Ismail

Quotient Consulting

04/12/23 (c) 2011 Quotient Consulting, Information Is Invaluable

Vignette 1


Harimau Malaya, Malaysian, holds a Malaysian ID, passport, driving license, 3 Malaysian bank accounts, 2 mobile accounts and 5 loyalty membership cards. His details are also registered in 2 private clinics, 1 government hospital and 2 insurance companies. He has 1 bank account in London and Hong Kong respectively. He travels frequently for business and golfing. He is a director of 3 companies in Malaysia, London and Hong Kong. Also, an avid golfer of 3 golf clubs (Malaysia, Indonesia and Scotland).

Executive Summary

Q: What is PDPA 2010?

Q: Why we need to comply with PDPA 2010?

Q: What are the 7 data protection principles?

Q: Will PDPA 2010 kill my business operations?

Q: To what extend PDPA 2010 affects your business operations?

Q: We are a start-up and a semi medium sized company, how should we strategise?

Q: When should we start?

Q: Is there any additional compliance cost for this purpose?

Q: How about formality and enforcement?

Q: What’s next and the must-to-do list?

Q: How to ensure such data protection & privacy management sustainable?


What is PDPA 2010?

::: An Informational privacy legislation

::: 10 Parts (Preliminary, Personal Data Protection Principles, Registration, Data user forum and Code of practice, Rights of data subject, Exemption, Personal data Protection Fund, Personal Data Protection Advisory Committee, Appeal Tribunal, Inspection, Complaint and Investigation, Enforcement, Miscellaneous, Savings and Transitional Provisions)

::: 146 Sections

::: Jurisdiction: Malaysia


What is PDPA 2010?

::: Received Royal Assent on 2 June 2010, and gazetted a week later

::: Compliance commences: 3 months from the date of enforcement

::: Application: To commercial transactions only, not applicable to Federal and State Governments

::: Cross reference to: Electronic Commerce Act 2006’s definition on commercial transactions “…any transaction of a commercial nature, whether contractual or not, which includes any matters relating to the supply or exchange of goods or services, agency, investments, financing, banking, insurance, but does not include a credit reporting business carried out by a credit reporting agency…”

04/12/23 (c) 2011 Quotient Consulting, Information is Invaluable.

What is PDPA 2010?


What is PDPA 2010?*Regulator


What is PDPA 2010?


Why We need to comply with PDPA 2010?


What are the 7 data protection principles?


Will PDPA 2010 kill my business operations?

::: Yes, if, your business operations are inconsistent and non compliance with the PDPA 2010’s 7 data protection principles;

::: Yes, if, your business operations do not have the necessary framework, control, management and monitoring of the 7 data protection principles’ requirements;

::: No, as PDPA 2010 enhances trust, value and reputation of your business; and

::: No, as PDPA 2010 seeks to safeguard all of your data


To what extend PDPA 2010 affects your business operations?


We are a start-up and a semi medium sized company, how should we strategise?


When should we start?


Vignette 2


Keranamu is a Government Consultant who advises on strategic acquisition of certain stakes in Company 76, a public listed company, incorporated in Hong Kong. The proposed acquisition is channeled through a leading Government Investment arm. Company 76 appoints an European-based consultant to act on their behalf in the negotiations.

Is there any additional compliance cost for this purpose?


::: Yes, subject to the budget, resource planning & business plans

::: No, if it has been anticipated

How about formality and enforcement?


Vignette 3


Truly Asia Travels & Tours has been appointed by some governmental agencies and private companies as their exclusive travel agent. The terms of reference include managing such flight, hotel, travel itinerary and related bookings. The amount of data processing of data subjects, transfers and sharing are done globally.

What’s next and the to-do-list?


::: Strategic planning

::: Resource planning

::: Dissemination planning



::: Strategic planning



::: Resource Planning



::: Dissemination Planning

How to ensure such data protection & privacy management sustainable?


Vignette 4


Hospitals A1, A2 & A3 are government hospitals. These hospitals deal with patients who mostly consist the public and engage with local and international consultants.

Vignette 5


Universities B1, B2 & B3 are public universities. These universities engage with local and international students, consultants, international academics and universities globally.

THANK YOU

QC TM

London. Kuala Lumpur. Jakarta

Data Diagnosis | Privacy Impact Assessment | Data Protection & Privacy Strategy

Training | Data Protection & Privacy Certification | Public & Private Consultations

<[email protected]>


half day public seminar on pdpa 2010 - 250711

Business

invaluable keranamu

complywith pdpa

invaluable harimau malaya

personal data protection

rights of data subject

data user forum

affectsyourbusiness

credit reporting business